MDKSA-2004:056-1

Problembeschreibung

Multiple buffer overflows exist in the krb5_aname_to_localname()
library function that if exploited could lead to unauthorized root
privileges. In order to exploit this flaw, an attacker must first
successfully authenticate to a vulnerable service, which must be
configured to enable the explicit mapping or rules-based mapping
functionality of krb5_aname_to_localname, which is not a default
configuration.
Mandrakesoft encourages all users to upgrade to these patched krb5
packages.
Update:
The original patch provided contained a bug where rule-based entries
on systems without HAVE_REGCOMP would not work. These updated
packages provide the second patch provided by Kerberos development
team which fixes that behaviour.